5,027 research outputs found
Reverse engineering to achieve maintainable WWW sites
The growth of the World Wide Web and the accelerated development of web sites and associated web technologies has resulted in a variety of maintenance problems. The maintenance problems associated with web sites and the WWW are examined. It is argued that currently web sites and the WWW lack both data abstractions and structures that could facilitate maintenance. A system to analyse existing web sites and extract duplicated content and style is described here. In designing the system, existing Reverse Engineering techniques have been applied, and a case for further application of these techniques is made in order to prepare sites for their inevitable evolution in futur
PowerDrive: Accurate De-Obfuscation and Analysis of PowerShell Malware
PowerShell is nowadays a widely-used technology to administrate and manage
Windows-based operating systems. However, it is also extensively used by
malware vectors to execute payloads or drop additional malicious contents.
Similarly to other scripting languages used by malware, PowerShell attacks are
challenging to analyze due to the extensive use of multiple obfuscation layers,
which make the real malicious code hard to be unveiled. To the best of our
knowledge, a comprehensive solution for properly de-obfuscating such attacks is
currently missing. In this paper, we present PowerDrive, an open-source, static
and dynamic multi-stage de-obfuscator for PowerShell attacks. PowerDrive
instruments the PowerShell code to progressively de-obfuscate it by showing the
analyst the employed obfuscation steps. We used PowerDrive to successfully
analyze thousands of PowerShell attacks extracted from various malware vectors
and executables. The attained results show interesting patterns used by
attackers to devise their malicious scripts. Moreover, we provide a taxonomy of
behavioral models adopted by the analyzed codes and a comprehensive list of the
malicious domains contacted during the analysis
The Transitivity of Trust Problem in the Interaction of Android Applications
Mobile phones have developed into complex platforms with large numbers of
installed applications and a wide range of sensitive data. Application security
policies limit the permissions of each installed application. As applications
may interact, restricting single applications may create a false sense of
security for the end users while data may still leave the mobile phone through
other applications. Instead, the information flow needs to be policed for the
composite system of applications in a transparent and usable manner. In this
paper, we propose to employ static analysis based on the software architecture
and focused data flow analysis to scalably detect information flows between
components. Specifically, we aim to reveal transitivity of trust problems in
multi-component mobile platforms. We demonstrate the feasibility of our
approach with Android applications, although the generalization of the analysis
to similar composition-based architectures, such as Service-oriented
Architecture, can also be explored in the future
Towards maintainer script modernization in FOSS distributions
Free and Open Source Software (FOSS) distributions are complex software
systems, made of thousands packages that evolve rapidly, independently, and
without centralized coordination. During packages upgrades, corner case
failures can be encountered and are hard to deal with, especially when they are
due to misbehaving maintainer scripts: executable code snippets used to
finalize package configuration. In this paper we report a software
modernization experience, the process of representing existing legacy systems
in terms of models, applied to FOSS distributions. We present a process to
define meta-models that enable dealing with upgrade failures and help rolling
back from them, taking into account maintainer scripts. The process has been
applied to widely used FOSS distributions and we report about such experiences
A Framework for Datatype Transformation
We study one dimension in program evolution, namely the evolution of the
datatype declarations in a program. To this end, a suite of basic
transformation operators is designed. We cover structure-preserving
refactorings, but also structure-extending and -reducing adaptations. Both the
object programs that are subject to datatype transformations, and the meta
programs that encode datatype transformations are functional programs.Comment: Minor revision; now accepted at LDTA 200
SMIL State: an architecture and implementation for adaptive time-based web applications
In this paper we examine adaptive time-based web applications (or presentations). These are interactive presentations where time dictates which parts of the application are presented (providing the major structuring paradigm), and that require interactivity and other dynamic adaptation. We investigate the current technologies available to create such presentations and their shortcomings, and suggest a mechanism for addressing these shortcomings. This mechanism, SMIL State, can be used to add user-defined state to declarative time-based languages such as SMIL or SVG animation, thereby enabling the author to create control flows that are difficult to realize within the temporal containment model of the host languages. In addition, SMIL State can be used as a bridging mechanism between languages, enabling easy integration of external components into the web application. Finally, SMIL State enables richer expressions for content control. This paper defines SMIL State in terms of an introductory example, followed by a detailed specification of the State model. Next, the implementation of this model is discussed. We conclude with a set of potential use cases, including dynamic content adaptation and delayed insertion of custom content such as advertisements. © 2009 Springer Science+Business Media, LLC
GAMESPECT: A Composition Framework and Meta-Level Domain Specific Aspect Language for Unreal Engine 4
Game engine programming involves a great number of software components, many of which perform similar tasks; for example, memory allocation must take place in the renderer as well as in the creation routines while other tasks such as error logging must take place everywhere. One area of all games which is critical to the success of the game is that of game balance and tuning. These balancing initiatives cut across all areas of code from the player and AI to the mission manager. In computer science, we’ve come to call these types of concerns “cross cutting”. Aspect oriented programming was developed, in part, to solve the problems of cross cutting: employing “advice” which can be incorporated across different pieces of functionality.
Yet, despite the prevalence of a solution, very little work has been done to bring cross cutting to game engine programming. Additionally, the discipline involves a heavy amount of code rewriting and reuse while simultaneously relying on many common design patterns that are copied from one project to another. In the case of game balance, the code may be wildly different across two different games despite the fact that similar tasks are being done. These two problems are exacerbated by the fact that almost every game engine has its own custom DSL (domain specific language) unique to that situation. If a DSL could showcase the areas of cross cutting concerns while highlighting the ability to capture design patterns that can be used across games, significant productivity savings could be achieved while simultaneously creating a common thread for discussion of shared problems within the domain.
This dissertation sought to do exactly that- create a metalanguage called GAMESPECT which supports multiple styles of DSLs while bringing aspect-oriented programming into the DSL’s to make them DSAL (domain specific aspect languages). The example cross cutting concern was game balance and tuning since it’s so pervasive and important to gaming. We have created GAMESPECT as a language and a composition framework which can assist engine developers and game designers in balancing their games, forming one central place for game balancing concerns even while these concerns may cross different languages and locations inside the source code. Generality was measured by showcasing the composition specifications in multiple contexts and languages.
In addition to evaluating generality and performance metrics, effectiveness was be measured. Specifically, comparisons were made between a balancing initiative when performed with GAMESPECT vs a traditional methodology. In doing so, this work shows a clear advantage to using a Metalanguage such as GAMESPECT for this task. In general, a line of code reduction of 9-40% per task was achieved with negligible effects to performance. The use of a metalanguage in Unreal Engine 4 is a starting point to further discussions concerning other game engines. In addition, this work has implications beyond video game programming. The work described highlights benefits which might be achieved in other disciplines where design pattern implementations and cross-cutting concern usage is high; the real time simulation field and the field of Windows GUI programming are two examples of future domains
- …